User's guide

XSR Users Guide
Chapter 11 Interoperability Profile for the XSR
Configuring the Virtual Private Network
SHA-1
ESP tunnel mode
MODP group 2 (1024 bits)
Perfect forward secrecy for rekeying
SA lifetime of 3600 seconds (one hour) with no Kbytes rekeying
Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets
This configuration assumes you have already set up the XSR for basic
operations (refer to the XSR Getting Started Guide). Also, you should have
generated a master key (see the XSR User Guide). To set up Gateway A for this
scenario, perform the following steps on the CLI:
1 Configure the Gateway A internal LAN network (AL):
XSR(config)#interface FastEthernet1
XSR(config-if<F1>)#no shutdown
XSR(config-if<F1>)#ip address 10.5.6.1 255.255.255.0
2 Configure the Gateway A external LAN network (AW):
XSR(config)#interface FastEthernet2
XSR(config-if<F2>)#no shutdown
XSR(config-if<F2>)#ip address 14.15.16.17 255.255.255.0
3 Configure a simple, wide-open access list to permit all traffic from the
source to the destination network:
XSR(config)#access-list 101 permit ip 10.5.6.0 0.0.0.255 172.23.9.0 0.0.0.255
4 Configure a default route:
XSR(config)#ip route 0.0.0.0 0.0.0.0 14.15.16.1
5 Configure IKE Phase 1 policy:
XSR(config)#crypto isakmp proposal Safe
XSR(config-isakmp)#authentication pre-share
XSR(config-isakmp)#encryption 3des
XSR(config-isakmp)#hash sha
XSR(config-isakmp)#group 2
XSR(config-isakmp)#lifetime 28800
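
A consistency check for steps 1 to 4 above, written as an added Python example (it is not part of the XSR guide or of any XSR tooling). It converts the wildcard masks of access list 101 to prefixes, compares them with the selectors the profile states, and confirms the interface addresses and default route fit; it assumes access list 101 is the list the tunnel takes its selectors from, and the function names are hypothetical.

```python
import ipaddress
import re

# Commands from steps 1-4 above, prompts stripped (sample input for this example).
CONFIG = """\
interface FastEthernet1
ip address 10.5.6.1 255.255.255.0
interface FastEthernet2
ip address 14.15.16.17 255.255.255.0
access-list 101 permit ip 10.5.6.0 0.0.0.255 172.23.9.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 14.15.16.1
"""
# Selectors stated in the profile for this scenario.
PROFILE_SELECTORS = ("10.5.6.0/24", "172.23.9.0/24")


def wildcard_to_network(addr, wildcard):
    """Convert an ACL address/wildcard pair to a network (contiguous masks only)."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inverted)}")


def audit(config, selectors=PROFILE_SELECTORS):
    """Return a list of findings; an empty list means the config fits the profile."""
    findings = []
    ifaces = [ipaddress.ip_interface(f"{a}/{m}")
              for a, m in re.findall(r"^ip address (\S+) (\S+)$", config, re.M)]
    want = tuple(ipaddress.ip_network(s) for s in selectors)
    acls = re.findall(r"^access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)$", config, re.M)
    if not acls:
        findings.append("no permit-ip access list found")
    for src, swc, dst, dwc in acls:
        try:
            got = (wildcard_to_network(src, swc), wildcard_to_network(dst, dwc))
        except ValueError as exc:  # host bits set or non-contiguous wildcard
            findings.append(f"bad ACL entry: {exc}")
            continue
        if got != want:
            findings.append(f"ACL {got[0]} -> {got[1]} differs from profile selectors")
        if not any(i.ip in got[0] for i in ifaces):
            findings.append(f"no local interface inside source selector {got[0]}")
    for hop in re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", config, re.M):
        if not any(ipaddress.ip_address(hop) in i.network for i in ifaces):
            findings.append(f"default route next hop {hop} is not on a connected subnet")
    return findings
```
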